...
- Introduce test coverage rules: how many tests should be added for each code change
- Digital signature: use digital signatures in delivered packages (already in the plan?)
- Vulnerability fixing SLA: vulnerabilities should be fixed within 60 days
- Security mechanisms
- Which cryptographic algorithms to use to encrypt passwords
- The security mechanisms within the software produced by the project SHOULD implement perfect forward secrecy for key agreement protocols so a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
- If the software produced by the project causes the storing of passwords for authentication of external users, the passwords MUST be stored as iterated hashes with a per-user salt by using a key stretching (iterated) algorithm (e.g., PBKDF2, Bcrypt or Scrypt).
- The security mechanisms within the software produced by the project MUST generate all cryptographic keys and nonces using a cryptographically secure random number generator, and MUST NOT do so using generators that are cryptographically insecure.
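
The password-storage and random-number requirements above, sketched as an added example (not ONAP project code). It uses PBKDF2 from the Python standard library; the record layout, the iteration count and the function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; the page does not specify one
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algorithm$iterations$salt$hash' with a fresh per-user salt."""
    # secrets draws from the OS CSPRNG; the random module must not be used here.
    salt = secrets.token_bytes(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    encode = lambda raw: base64.b64encode(raw).decode("ascii")
    return "$".join([ALGORITHM, str(iterations), encode(salt), encode(derived)])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations_s, salt_b64, hash_b64 = record.split("$")
        iterations = int(iterations_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:  # malformed record: wrong field count, bad int or base64
        return False
    if algorithm != ALGORITHM or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when a record was stored with a weaker work factor than current policy."""
    try:
        return int(record.split("$")[1]) < ITERATIONS
    except (IndexError, ValueError):
        return True
```

Storing the iteration count in each record lets the work factor be raised later: after a successful login, a record for which `needs_rehash` returns true can be replaced with a freshly computed one.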
5 ONAP Communication Security
Status: Draft
3.1 ONAP Communication Security
Investigate the means to have secure ONAP communication, leveraging the ONAP credential management.
Examples of use cases that people may want to see solved.
...